[Samba] Authentication to Secondary Domain Controller initially fails when PDC is offline

L.P.H. van Belle belle at bazuin.nl
Thu Nov 12 15:17:26 UTC 2015


Hi Ole,

A handy site.

http://blogs.msdn.com/b/servergeeks/archive/2014/07/12/dns-records-that-are-required-for-proper-functionality-of-active-directory.aspx 

greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Ole Traupe
> Sent: Thursday 12 November 2015 15:33
> To: samba at lists.samba.org
> Subject: Re: [Samba] Authentication to Secondary Domain Controller
> initially fails when PDC is offline
> 
> 
> >>> On server side you may set shorter TTL for the server records, but
> >>> then you have more DNS traffic. On small networks (sites up to 20
> >>> clients, no wifi) I have good experience with a TTL of 180.
> >> Ok. So I do this on my Samba DCs (my domain DNS servers), and this
> >> will affect Windows and Linux domain clients/member servers
> >> likewise?
> > Theoretically yes. Assume you have an imap or web server installed on
> > your DC (bad idea). I am pretty sure that some mail clients and
> > browsers have their own cache for ip addresses. So the A records may be
> > cached on application level. How do these caches work?
> >
> > The SOA record should only be used by the resolver libs.
> >
> > The SRV records are used by many apps, i.e. the netlogon process.
> > Netlogon picks randomly one DC, if more than one record exists for a
> > site. If this DC is down or unreachable, netlogon tries this DC until the TTL
> > times out and then tries the next one. This is at least true for Windows
> > XP, not for 2000. Should be true for all current Windows versions.
> >
> 
> Sorry that I ask again, I have little experience with DNS.
> 
> I have A records for all my DCs in "my.domain.com" and
> "_msdcs.my.domain.com". I have SOA and NS records in both places, but
> only for the First_DC (FSMO role holder). Is that ok?
> 
> Only SOA and NS records have TTL settings. Do I have to change both?
> From your above comment I take it that you would advise it. Otherwise,
> trying to resolve a host wouldn't be diagnostic of the DNS request
> during the logon process.
> 
> To whom it may concern: TTL seems to be set to 1h, by default, with
> Samba4.
> 
> 
> 
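The thread turns on two things: whether every DC has the SRV records that clients look up during logon, and how long the TTL on those records keeps a client stuck on a DC that is down. The following checker is an added example, not code from the thread or from the Samba project. It parses a constructed BIND-style zone for a hypothetical domain (my.domain.com, hosts dc1 and dc2), verifies that each DC advertised anywhere in an SRV record also has the core per-DC SRV names that Active Directory clients query (a subset of the list on the linked page) plus an A record, checks for exactly one PDC record and for SOA/NS at the apex, and flags every SRV record whose own TTL exceeds the 180 seconds suggested in the thread. Each SRV record carries its own TTL; that is the value a client caches and the one the check reports.

```python
"""Offline sanity check of AD-style DNS records for DC failover.

Added example; the zone below is constructed, not taken from a real domain.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample zone (BIND presentation format: owner TTL class type rdata).
# dc1/dc2 are hypothetical. 3600 mirrors the 1h default mentioned in the thread;
# dc2 deliberately lacks _kpasswd and _kerberos under dc._msdcs to show a finding.
SAMPLE_ZONE = """\
my.domain.com.                          3600 IN SOA dc1.my.domain.com. hostmaster.my.domain.com. 1 900 600 86400 3600
my.domain.com.                          3600 IN NS  dc1.my.domain.com.
dc1.my.domain.com.                      3600 IN A   192.0.2.10
dc2.my.domain.com.                      3600 IN A   192.0.2.11
_ldap._tcp.my.domain.com.               3600 IN SRV 0 100 389 dc1.my.domain.com.
_ldap._tcp.my.domain.com.               3600 IN SRV 0 100 389 dc2.my.domain.com.
_kerberos._tcp.my.domain.com.           3600 IN SRV 0 100 88  dc1.my.domain.com.
_kerberos._tcp.my.domain.com.           3600 IN SRV 0 100 88  dc2.my.domain.com.
_kpasswd._tcp.my.domain.com.            3600 IN SRV 0 100 464 dc1.my.domain.com.
_ldap._tcp.dc._msdcs.my.domain.com.     3600 IN SRV 0 100 389 dc1.my.domain.com.
_ldap._tcp.dc._msdcs.my.domain.com.     180  IN SRV 0 100 389 dc2.my.domain.com.
_kerberos._tcp.dc._msdcs.my.domain.com. 3600 IN SRV 0 100 88  dc1.my.domain.com.
_ldap._tcp.pdc._msdcs.my.domain.com.    3600 IN SRV 0 100 389 dc1.my.domain.com.
"""

# Core SRV owner names every DC should appear under (subset of the AD record set).
SRV_PER_DC = (
    "_ldap._tcp.{d}",
    "_kerberos._tcp.{d}",
    "_kpasswd._tcp.{d}",
    "_ldap._tcp.dc._msdcs.{d}",
    "_kerberos._tcp.dc._msdcs.{d}",
)


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: tuple


def parse_zone(text):
    """Parse single-line zone records; comments after ';' are ignored."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()
        if not line:
            continue
        name, ttl, _rclass, rtype, *rdata = line.split()
        records.append(Record(name.rstrip(".").lower(), int(ttl), rtype.upper(), tuple(rdata)))
    return records


def check_ad_dns(text, domain, max_ttl=180):
    """Return a list of human-readable findings (empty list means the zone looks healthy)."""
    domain = domain.rstrip(".").lower()
    recs = parse_zone(text)
    findings = []
    srv = defaultdict(set)  # SRV owner name -> set of DC targets
    for r in recs:
        if r.rtype == "SRV":
            target = r.rdata[3].rstrip(".").lower()  # rdata: priority weight port target
            srv[r.name].add(target)
            if r.ttl > max_ttl:
                findings.append(f"TTL {r.ttl}s on SRV {r.name} -> {target} exceeds {max_ttl}s (slow failover)")
    dcs = set().union(*srv.values()) if srv else set()
    a_names = {r.name for r in recs if r.rtype == "A"}
    for dc in sorted(dcs):
        if dc not in a_names:
            findings.append(f"{dc}: no A record")
        for tmpl in SRV_PER_DC:
            owner = tmpl.format(d=domain)
            if dc not in srv.get(owner, set()):
                findings.append(f"{dc}: missing SRV {owner}")
    pdc = srv.get(f"_ldap._tcp.pdc._msdcs.{domain}", set())
    if len(pdc) != 1:
        findings.append(f"expected exactly one PDC SRV record, found {len(pdc)}")
    for apex_type in ("SOA", "NS"):
        if not any(r.rtype == apex_type and r.name == domain for r in recs):
            findings.append(f"no {apex_type} record at zone apex")
    return findings


if __name__ == "__main__":
    for finding in check_ad_dns(SAMPLE_ZONE, "my.domain.com"):
        print(finding)
```

Against the sample zone the check reports the two SRV names dc2 is missing and the eight SRV records still at 3600 seconds; dc1 is complete. To run it against a live Samba DC, export the zone with `samba-tool dns query` or an AXFR and feed the single-line records to `check_ad_dns`.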